package com.hazelcast.aws.security;

import com.hazelcast.aws.AwsConfig;
import com.hazelcast.aws.utility.AwsURLEncoder;
import com.hazelcast.config.WanBatchReplicationPublisherConfig;
import com.hazelcast.internal.util.QuickMath;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/hazelcast/aws/security/EC2RequestSigner.class */
public class EC2RequestSigner {
    private static final String NEW_LINE = "\n";
    private static final String API_TERMINATOR = "aws4_request";
    private static final String HMAC_SHA256 = "HmacSHA256";
    private static final String UTF_8 = "UTF-8";
    private static final int DATE_LENGTH = 8;
    private static final int LAST_INDEX = 8;
    private final AwsConfig config;
    private final String timestamp;
    private String service = null;
    private Map<String, String> attributes;
    private String endpoint;

    public EC2RequestSigner(AwsConfig awsConfig, String str, String str2) {
        this.config = awsConfig;
        this.timestamp = str;
        this.endpoint = str2;
    }

    public String getCredentialScope() {
        return String.format("%s/%s/%s/%s", this.timestamp.substring(0, 8), this.config.getRegion(), this.service, API_TERMINATOR);
    }

    public String getSignedHeaders() {
        return "host";
    }

    public String sign(String str, Map<String, String> map) {
        this.service = str;
        this.attributes = map;
        return createSignature(createStringToSign(getCanonicalizedRequest()), deriveSigningKey());
    }

    private String getCanonicalizedRequest() {
        return "GET\n/\n" + getCanonicalizedQueryString(this.attributes) + NEW_LINE + getCanonicalHeaders() + NEW_LINE + getSignedHeaders() + NEW_LINE + sha256Hashhex(WanBatchReplicationPublisherConfig.DEFAULT_TARGET_ENDPOINTS);
    }

    private String createStringToSign(String str) {
        return "AWS4-HMAC-SHA256\n" + this.timestamp + NEW_LINE + getCredentialScope() + NEW_LINE + sha256Hashhex(str);
    }

    private byte[] deriveSigningKey() {
        String secretKey = this.config.getSecretKey();
        String substring = this.timestamp.substring(0, 8);
        try {
            String str = "AWS4" + secretKey;
            Mac mac = Mac.getInstance(HMAC_SHA256);
            mac.init(new SecretKeySpec(str.getBytes(UTF_8), HMAC_SHA256));
            byte[] doFinal = mac.doFinal(substring.getBytes(UTF_8));
            Mac mac2 = Mac.getInstance(HMAC_SHA256);
            mac2.init(new SecretKeySpec(doFinal, HMAC_SHA256));
            byte[] doFinal2 = mac2.doFinal(this.config.getRegion().getBytes(UTF_8));
            Mac mac3 = Mac.getInstance(HMAC_SHA256);
            mac3.init(new SecretKeySpec(doFinal2, HMAC_SHA256));
            byte[] doFinal3 = mac3.doFinal(this.service.getBytes(UTF_8));
            Mac mac4 = Mac.getInstance(HMAC_SHA256);
            mac4.init(new SecretKeySpec(doFinal3, HMAC_SHA256));
            return mac4.doFinal(API_TERMINATOR.getBytes(UTF_8));
        } catch (UnsupportedEncodingException e) {
            return null;
        } catch (InvalidKeyException e2) {
            return null;
        } catch (NoSuchAlgorithmException e3) {
            return null;
        }
    }

    private String createSignature(String str, byte[] bArr) {
        try {
            Mac mac = Mac.getInstance(HMAC_SHA256);
            mac.init(new SecretKeySpec(bArr, HMAC_SHA256));
            return QuickMath.bytesToHex(mac.doFinal(str.getBytes(UTF_8)));
        } catch (UnsupportedEncodingException e) {
            return null;
        } catch (InvalidKeyException e2) {
            return null;
        } catch (NoSuchAlgorithmException e3) {
            return null;
        }
    }

    protected String getCanonicalHeaders() {
        return String.format("host:%s%s", this.endpoint, NEW_LINE);
    }

    public String getCanonicalizedQueryString(Map<String, String> map) {
        List<String> listOfEntries = getListOfEntries(map);
        Collections.sort(listOfEntries);
        return getCanonicalizedQueryString(listOfEntries);
    }

    protected String getCanonicalizedQueryString(List<String> list) {
        Iterator<String> it = list.iterator();
        StringBuilder sb = new StringBuilder(it.next());
        while (it.hasNext()) {
            sb.append('&').append(it.next());
        }
        return sb.toString();
    }

    protected void addComponents(List<String> list, Map<String, String> map, String str) {
        list.add(AwsURLEncoder.urlEncode(str) + '=' + AwsURLEncoder.urlEncode(map.get(str)));
    }

    protected List<String> getListOfEntries(Map<String, String> map) {
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = map.keySet().iterator();
        while (it.hasNext()) {
            addComponents(arrayList, map, it.next());
        }
        return arrayList;
    }

    private String sha256Hashhex(String str) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(str.getBytes(UTF_8));
            return QuickMath.bytesToHex(messageDigest.digest());
        } catch (UnsupportedEncodingException e) {
            return null;
        } catch (NoSuchAlgorithmException e2) {
            return null;
        }
    }

    public String createFormattedCredential() {
        return this.config.getAccessKey() + '/' + this.timestamp.substring(0, 8) + '/' + this.config.getRegion() + "/ec2/aws4_request";
    }
}
